New Exchange 2007 unified messaging white paper

The Exchange 2007 preview center has a new white paper on Exchange 2007’s unified messaging (UM) implementation. If you’re interested in how UM works, check it out.

Filed under UC&C

Museum of Flight

Short review: it was fantastic! They have a Concorde (see below), a fully restored SR-71 with a drone and a start cart, some really beautifully restored WW II warbirds (including both Corsair variants), and a really nifty air traffic control exhibit. I enjoyed the Barry Ross art show as much as I thought I would, and surprisingly David liked it too.

The panorama below is of the museum’s Concorde; I shot with a Nikon Coolpix S6 using its panorama assist mode. I then used a Mac program called DoubleTake to stitch the panorama together. I’m really pleased with how it turned out and will be registering DoubleTake (and taking more panoramas– sure wish I had thought to take one of the Blackbird while we were there!).

Concorde

Filed under Travel

Stampin’ Up convention

Attention Arlene: Stampin’ Up had its annual convention this past week in Salt Lake City. This writeup from the Salt Lake Tribune blames energy and travel costs for lower attendance. Personally, I didn’t attend because I don’t own any stamps, but that’s just me. (See also this article from the Deseret News.)

Filed under Friends & Family

Steve Riley on mandatory integrity control

Steve Riley has a great blog post on mandatory integrity control (MIC) in Windows Vista. MIC is an old concept. I fondly remember the old Multics machine that USL had; Multics was one of the first machines to implement MIC in any meaningful way. Anyway, the Vista implementation of MIC is pretty interesting; read Steve’s blog to find out more.

Filed under Security

CA buys XOsoft

Wow! Not sure how I missed this bombshell: CA bought XOsoft. I hope CA has the good sense to leave the XOsoft folks in place and let them do what they do best.

Filed under UC&C

Exchange 2007 beta 2 now available

Great news! Exchange 2007 beta 2 is being launched today. The press release is here. You can download it or order it on DVD; the download isn’t active yet (I expect it any minute, but Microsoft.com is so huge there’s often a gap between press release postings and live bits).

In very closely related news, the Exchange 2007-compatible version of Microsoft Forefront (née Antigen) will be available today too.

Filed under UC&C

MSFP policies and lockout times

Microsoft’s been making a big deal out of the Messaging and Security Feature Pack, which adds some nifty device and security management features to Windows Mobile 5.0 devices. However, there’s a problem with MSFP policies on the device side; ironically, it only shows up on devices of security-conscious users.
Let’s say that you set a device timeout on your WM5.0 device of 5 minutes. You then create an MSFP policy that sets the device lock policy time to 15 minutes. When the policy is applied to the device, your 5-minute timeout is overridden with the 15-minute timeout, making the device somewhat less secure.
What can you do about it? Nothing at the moment. The Windows Mobile team is well aware of the issue, and I’m sure they’re busy thinking about how they can best fix the problem.

Filed under UC&C

Compliance and encryption

It sometimes happens that I get the same (or similar) question from several people within a short time frame. That’s usually a good indicator that the answer would make a good blog entry! Today’s installment in this long-running series is simple: how do journaling systems and encrypted mail go together?

When you use S/MIME, the message is encrypted when the client submits it to the store. Exchange only gets the encrypted version. That means that when it’s journaled, it’s encrypted. It stays encrypted until the recipient opens it. The journaling system can copy the message, and it will have access to the envelope information (like who sent the message, who it’s addressed to, and the subject). However, for encrypted messages, the message payload is encrypted, so it won’t be readable by the archiving administrator.

When you use Windows Rights Management Services, the situation is much the same: the message is protected before it leaves the client. However, RMS supports the concept of a group of “super users” who can recover content no matter who created it. That means that super users can recover protected content from the archive, which is exactly what most companies want to do.

How do you get RMS-like behavior from S/MIME? Simple (well, conceptually simple, anyway). All you need to do is CC or BCC the archiving administrator on every message sent. That will cause the message to be encrypted with their cert as a recipient, preserving their ability to read the messages. Implementing this is left as an exercise for the reader (and it’s not really trivial, which is why DoD and other TLAs have their own custom solutions known as security guards; try this one for an example). One way to start is by using a custom Outlook form that includes the BCC recipients. In fact, you could easily build an Exchange 2007 transport rule that would NDR any encrypted message that was not BCC’d to the security guard. Maybe I’ll try that next week…
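The decision logic of the transport rule described above, as an added Python example (not code from the original post and not Exchange's own rule engine). The archive address, the function names and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical archive ("security guard") mailbox; an assumption for this example.
ARCHIVE = "mail-archive@example.com"
ENCRYPTED_TYPES = {"enveloped-data", "authenveloped-data"}

def is_smime_encrypted(msg):
    """True if the top-level MIME part is an S/MIME encrypted payload."""
    if msg.get_content_type() not in ("application/pkcs7-mime",
                                      "application/x-pkcs7-mime"):
        return False
    # Opaque-signed mail shares this MIME type; smime-type tells them apart.
    # A missing smime-type is treated as encrypted so the rule fails closed.
    smime_type = msg.get_param("smime-type")
    return smime_type is None or smime_type.lower() in ENCRYPTED_TYPES

def transport_decision(raw_message, envelope_rcpts, archive=ARCHIVE):
    """Return 'deliver' or 'ndr' for one submitted message.

    BCC recipients never appear in the headers, so the check uses the
    SMTP envelope recipient list that the transport server sees.
    """
    msg = message_from_string(raw_message)
    if not is_smime_encrypted(msg):
        return "deliver"
    rcpts = {parseaddr(r)[1].lower() for r in envelope_rcpts}
    return "deliver" if archive.lower() in rcpts else "ndr"

# Constructed sample messages; the encrypted body is a placeholder, not ciphertext.
ENCRYPTED = (
    "From: alice@example.com\nTo: bob@example.com\nSubject: Q3 numbers\n"
    "MIME-Version: 1.0\n"
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nPLACEHOLDER\n"
)
PLAIN = "From: alice@example.com\nTo: bob@example.com\nSubject: lunch\n\nNoon?\n"

if __name__ == "__main__":
    print(transport_decision(ENCRYPTED, ["bob@example.com"]))           # ndr
    print(transport_decision(ENCRYPTED, ["bob@example.com", ARCHIVE]))  # deliver
    print(transport_decision(PLAIN, ["bob@example.com"]))               # deliver
```

Being on the envelope only shows the archive mailbox will receive a copy. Confirming that the message was actually encrypted to its certificate would mean inspecting the recipient entries inside the encrypted payload, which this example does not do.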

Filed under UC&C

Unified messaging and PINs

Exchange’s Unified Messaging server role controls access to the Outlook Voice Access interface in several ways. Today I want to talk about PIN authentication and how it works.

Every UM-enabled user will have an associated PIN. The PIN is stored as an encrypted string as an attribute of the user account object in Active Directory; the PIN is encrypted along with a salt, so it can’t easily be reversed. (Despite this protection it’s still a bad idea to choose your ATM PIN or AD password as a UM PIN, but of course you know better).

Administrators can set PIN policies that control the permissible length of the PINs and how long they remain valid. Users can reset their PINs at any time using OWA 2007 or Outlook 2007; when the PIN is reset, the user gets an e-mail containing the new PIN. This helps protect against denial-of-service attacks where user A logs in to user B’s voice mailbox and changes the PIN on the phone keypad. These policies are actually part of the UM mailbox policy objects, which you can use to specify some other settings as well; look for more details in a future post.

The UM role performs its own auditing of failed authentication attempts. When you call in to Outlook Voice Access, you get 3 tries to enter the PIN; if you fail, OVA hangs up and logs event ID 1013 to indicate the logon failure. If the failed authentication attempts continue, you’ll see event ID 1012, indicating that the user’s OVA access is locked. There’s also a perfmon counter that you can watch to see the number of failed logon attempts, but I’m in an airport and away from my UM server so I can’t post its exact name right now.
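One way to turn those two event IDs into a per-mailbox report, as an added Python example (not from the original post). The export layout (timestamp, event ID, mailbox), the sample rows, the 30-minute window and the threshold of two failed calls are all assumptions; only the event IDs come from the text above.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, LOCKED_OUT = 1013, 1012  # event IDs named in the post

# Constructed sample: timestamp, event ID, mailbox. The column layout is an
# assumption for this example, not the real event log format.
SAMPLE = """\
2006-07-20T09:00:05,1013,alice
2006-07-20T09:01:10,1013,alice
2006-07-20T09:02:30,1013,alice
2006-07-20T09:02:31,1012,alice
2006-07-20T10:15:00,1013,bob
2006-07-21T16:40:00,1013,bob
2006-07-20T11:00:00,1013,carol
2006-07-20T11:20:00,1013,carol
"""

def summarize(export_text, window=timedelta(minutes=30), burst=2):
    """Per mailbox: failed calls, peak failures in one window, and a status."""
    failures, locked = defaultdict(list), set()
    for row in csv.reader(io.StringIO(export_text)):
        if not row:
            continue
        when, event_id, mailbox = datetime.fromisoformat(row[0]), int(row[1]), row[2]
        if event_id == FAILED_LOGON:      # one dropped call = three wrong PINs
            failures[mailbox].append(when)
        elif event_id == LOCKED_OUT:
            locked.add(mailbox)
    report = {}
    for mailbox in sorted(set(failures) | locked):
        times = sorted(failures[mailbox])
        # Largest number of failed calls that start inside any single window.
        peak = max((sum(1 for t in times if start <= t < start + window)
                    for start in times), default=0)
        if mailbox in locked:
            status = "locked"
        elif peak >= burst:
            status = "review"   # repeated failed calls, lockout not yet tripped
        else:
            status = "ok"
        report[mailbox] = {"failed_calls": len(times), "peak": peak, "status": status}
    return report

if __name__ == "__main__":
    for name, row in summarize(SAMPLE).items():
        print(name, row)
```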

Filed under UC&C

Robichaux a free man

Excellent news: Stefan Robichaux, my fellow Cajun Marine, is off the hook for borrowing a picnic table for his marriage proposal.

Filed under Friends & Family

Seattle with David

Today marks a really special event: I’m taking David on a business trip with me, something I haven’t done for several years. He’s accompanying me to Seattle, so I can meet with some folks at our Redmond office. He doesn’t know it yet, but we’ll also be stopping at the Museum of Flight— I’ve always wanted to see it, and now I have an opportunity. I’m especially excited about the Barry Ross art exhibit. Ross illustrated the “I Learned About Flying From That” column in Flying magazine for many years. If you’re not a Flying reader, you may not know that ILAFFT is a monthly reader-submitted column that talks about dangerous experiences that pilots got themselves into, so his illustrations tend to be filled with peril. Should be a good show.

Of course, David being David, he’s equally excited about flying, eating airplane snacks, staying in a hotel, and seeing my partners– we’ll have a great trip!

Filed under Travel

Microsoft buys Winternals/Sysinternals

Wow, this is a big surprise: Microsoft just announced that they’re buying Winternals, makers of a number of very useful free and commercial tools.

Filed under General Tech Stuff

China Syndrome: The True Story of the 21st Century’s First Great Epidemic (Greenfeld)

by Karl Taro Greenfeld

I remember one of the first truly scary movies I ever saw: The Andromeda Strain. This book follows the same template: a previously unknown virus emerges and starts killing people, spreading rapidly. Of course, Andromeda was science fiction, and SARS was all too real. Greenfeld, the former head of TIME Asia, observed the epidemic’s growth from his home in Hong Kong. He’s written a compelling day-by-day narrative of the progress of the outbreak, beginning with its initial spread from restaurant workers in Shenzhen to the waning days of the epidemic. Along the way, he clearly explains the scientific and political obstacles faced by the scientists who were trying to pinpoint the etiology of SARS and how to treat it.
Greenfeld’s account gives a great deal of credit to some individual scientists, which IMHO is as it should be. He also lambasts the Chinese government for its obstructionist and deceitful response in the first two-thirds of the outbreak, which is also fitting, given how their delays and obfuscations needlessly killed their own citizens.
If I have any quibbles with the book, they’re with Greenfeld’s somewhat breathless narrative style. I sometimes felt like I was reading a several-hundred-page-long magazine article. Greenfeld nails the story, though, and his conclusion– that the human race dodged a bullet– is right on. Highly recommended. (However, don’t read it while traveling unless you want to suffer panic attacks every time someone near you on the airplane coughs or sneezes.)

Filed under Reviews

A few random travel tips

I thought I should jot down a few things I learned from my recent trips before I forgot them. First, South Africa really does use those whopping big power adapters. Connectors to make a standard Euro or US plug fit them are fairly easy to find, but you could save a few bucks by buying them beforehand. Don’t be like me and buy the UK plug thinking that it looks the same– the South Africa plug has three large cylindrical plugs.

Second, if you want to use a public phone at the Johannesburg airport, forget it. The only phones are at the Telkom kiosk on the upper level, and it closes well before the evening international flight bank. Take your mobile phone or use Skype (if, that is, you can get the airport wireless system to work with your laptop.)

Third, although the Amsterdam airport has lots of public phones, there are only two phones that allow calling card calls– one near gate D41, and the other near the nexus of terminals C, D, and E. You should expect these two phones to have long lines of folks waiting to use them.

Fourth, if you’re going to travel overseas, don’t depend on Verizon’s alleged world phone service. Their SIMs only work in Verizon-issued phones. Before my next trip, I’ll be making other arrangements.

Fifth, when you see people complaining about the battery life of the MacBook Pro, they’re not kidding. I averaged about 2:20 on each battery charge, which isn’t even close to enough for productive use on long flights. I’ll be much more careful about picking aircraft that have in-seat power in the future.

Sixth, don’t read books about SARS on airplanes unless you want to be unsettled during the entire trip.

Filed under Travel

New Live Communications Server book

Very cool: Amazon just put up an item on my home page to tell me that there’s a new book on Live Communications Server 2005: Professional Live Communications Server. I don’t know if it’s any good or not, but I’ve ordered it and will report back what I find out.

Update: I got the book and have read the first three or four chapters. So far, it’s pretty good, though it’s light on some key details (e.g. which SRV records do you have to manually add to let auto-configuration work?)

Update: here’s my review.

Filed under UC&C